uisge
December 28th, 2008, 13:34
Hi -
I do have a server running a couple of service jails with a lot of logfile production in each individual jail. Now, I would like to forward all logging messages to a syslogd(-ng) running at the jail's host (quasi a logserver scenario). The server is protected by a PF deny all strategy.
Let me start with my plan sofar:
1) Every syslogd at every jail is simply forwarding all logging messages to the host's syslogd (all IPs are from the RFC1918 pool)
2) *All* messages are logged into a *single* logfile (600).
3) Either use swatch, or if syslogd-ng will be running, its functionality to trigger and mail really important instances.
Ok, I would like to get advice, criticism, proposals on whether this is a good idea at all, or on how should my plan be realized, instead?
And, I'm interested in how you are dealing with logfiles from different servers.
I do have a server running a couple of service jails with a lot of logfile production in each individual jail. Now, I would like to forward all logging messages to a syslogd(-ng) running at the jail's host (quasi a logserver scenario). The server is protected by a PF deny all strategy.
Let me start with my plan sofar:
1) Every syslogd at every jail is simply forwarding all logging messages to the host's syslogd (all IPs are from the RFC1918 pool)
2) *All* messages are logged into a *single* logfile (600).
3) Either use swatch, or if syslogd-ng will be running, its functionality to trigger and mail really important instances.
Ok, I would like to get advice, criticism, proposals on whether this is a good idea at all, or on how should my plan be realized, instead?
And, I'm interested in how you are dealing with logfiles from different servers.